Age | Commit message | Author | |
---|---|---|---|
2018-10-12 | Improve signature verification safeguards (#8959) | Eugen Rochko | |
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues | |||
2018-10-11 | Merge pull request #775 from ThibG/glitch-soc/merge-upstream | ThibG | |
Merge upstream changes | |||
2018-10-11 | Merge commit 'ac7df62a0441b95ec04fd9111a9394795dd53ff2' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-10 | Really fix HotKeys | Thibaut Girka | |
2018-10-10 | Add description meta tag additionally to og:description (#8941) | Eugen Rochko | |
Fix #8685 | |||
2018-10-10 | Add dns-prefetch if using different host for assets or uploads (#8942) | Eugen Rochko | |
2018-10-09 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
Conflicts: app/javascript/packs/public.js Changes made to app/javascript/packs/publics.js were applied to app/javascript/core/settings.js | |||
2018-10-09 | Fix that the copy button of verify link did not work. (#8938) | mayaeh | |
2018-10-09 | Track historical space stats in PgHero to determine PostgreSQL growth (#8906) | Eugen Rochko | |
2018-10-09 | Fix CW icon color in local-settings modal | Thibaut Girka | |
2018-10-09 | Define some local-settings hints | Thibaut Girka | |
2018-10-09 | Add support for hints (or extended descriptions) in local-settings pages | Thibaut Girka | |
2018-10-09 | When screen width is too narrow, hide local-settings page text, keep only icons | Thibaut Girka | |
2018-10-09 | Change “preferences” icon to match settings page icon | Thibaut Girka | |
2018-10-09 | Add icons for each of the local-setting pages | Thibaut Girka | |
2018-10-09 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-09 | Merge pull request #770 from ThibG/glitch-soc/merge-upstream | ThibG | |
Merge upstream changes | |||
2018-10-09 | Fix app-wide hotkeys randomly failing to work | Thibaut Girka | |
2018-10-09 | Add Japanese translations. (#8927) | mayaeh | |
2018-10-08 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-08 | Fixed error occurrence when pinning the DM column. (#8922) | mayaeh | |
2018-10-08 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-08 | Move “Show action buttons in collapsed toots” option | Thibaut Girka | |
2018-10-08 | Switch from selects to radio buttons for local settings, improve styling | Thibaut Girka | |
2018-10-08 | rubocop issues - Cleaning up (#8912) | ashleyhull-versent | |
* cleanup pass * undo mistakes * fixed. * revert | |||
2018-10-08 | Remove dead code (#8919) | Eugen Rochko | |
SignatureVerification#matches_time_window? is not called anywhere. | |||
2018-10-08 | Replace SVG asset with Custom mascot (#8766) | ashleyhull-versent | |
2018-10-07 | Add conversations API (#8832) | Eugen Rochko | |
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking | |||
2018-10-07 | [Glitch] Change documentation URL | Thibaut Girka | |
Port 28401962caff028f328d674878e1f0abd16ffdfd to glitch-soc | |||
2018-10-07 | [Glitch] RTL: fix margins of public-account-header__tabs | Thibaut Girka | |
Port 185cb2dc3aac59ee27aa962fff48b064bd638567 to glitch-soc | |||
2018-10-07 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-07 | Ensure only toots from the reported users are reported (#8916) | ThibG | |
2018-10-07 | Do not scroll timelines when *closing* media modals | Thibaut Girka | |
Media modals push a history state so that pressing back on mobile closes them. We made sure to not scroll when opening them, but not when *closing* them, which caused some issues in rare cases. | |||
2018-10-06 | i18n: Update Polish translation (#8901) | Marcin Mikołajczak | |
Signed-off-by: Marcin Mikołajczak <me@m4sk.in> | |||
2018-10-06 | Change documentation URL (#8898) | Eugen Rochko | |
* Change documentation URL * Fix hardcoded documentation URL in locales | |||
2018-10-06 | RTL: fix margins of public-account-header__tabs (#8897) | Masoud Abkenar | |
* RTL: fix margins of public-account-header__tabs * fix style * even more stylish code :) | |||
2018-10-05 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
2018-10-05 | Leave unknown language as nil if account is remote (#8861) | Jeong Arm | |
* Force use language detector if account is remote * Set unknown remote toot's language as nil | |||
2018-10-05 | [Glitch] Add a confirmation dialog when hitting reply and the compose box isn't empty | Thibaut Girka | |
2018-10-05 | Add a confirmation dialog when hitting reply and the compose box isn't empty (#8893) | ThibG | |
* Add a confirmation dialog when hitting reply and the compose box isn't empty Fixes #878 * Performance improvement | |||
2018-10-05 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
Conflicts: db/migrate/20170716191202_add_hide_notifications_to_mute.rb spec/controllers/application_controller_spec.rb Took our version, upstream changes were only minor style linting. | |||
2018-10-04 | Limit the number of people that can be followed from one account (#8807) | Eugen Rochko | |
Configurable soft limit of 7,500, and above that, configurable ratio of 1.1 * followers, controlled by: - MAX_FOLLOWS_THRESHOLD - MAX_FOLLOWS_RATIO Fix #2311 | |||
2018-10-04 | Change admin accounts default sort to most recent (#8813) | Eugen Rochko | |
2018-10-04 | Fix link verification for remote accounts (#8868) | Eugen Rochko | |
2018-10-03 | Fix handling of ActivityPub activities lacking some attributes (#8864) | ThibG | |
2018-10-02 | Make hidden media clickable in account media gallery | Thibaut Girka | |
2018-10-02 | Add media description (or status spoiler) in account media gallery | Thibaut Girka | |
2018-10-02 | Fix account gallery hidden media background color in mastodon-light | Thibaut Girka | |
2018-10-02 | [Glitch] Honour displayMedia setting in accountMedia gallery | Thibaut Girka | |
Inspired by b79ab15859e7f8383526afd147e8416d2df2f7a7 | |||
2018-10-01 | [Glitch] Add support for new display_media setting | Thibaut Girka | |
Port f7a6f9489da9b2a1820366654df47b8a52f5c5bc to glitch-soc [API] [vanilla required] [glitch-soc optional] initial_state show_sensitive_media boolean changed to show_media string with options "default", "hide_all", "show_all" |